With wireless LAN systems coming into widespread use, protection of communication data, that is, security in wireless access, has been desired.
Recently, wireless LAN systems are being introduced not only for outdoor use but also for indoor use. For example, in many instances an access point (AP, or fixed base station) is installed on the premises, and transmission/reception devices or access terminal devices, generally termed "stations" (STA), are connected to terminal devices provided on a floor, giving them a wireless route to the AP. This makes it easier to change the position of the terminal devices and makes it more convenient to carry portable terminal devices out of doors and bring them back.
In such a system, communication data needs to be protected against portable wireless terminal devices carried in by visitors from outside, and against external wireless terminal devices that are able to intercept radio waves that tend to leak outdoors.
Encryption is becoming widespread as a data protection method in wireless communication. Research toward standardizing encryption for wireless communication systems has so far been conducted by IEEE.
At the current stage, IEEE 802.11 adopts a shared key (common key) encryption system employing the WEP (Wired Equivalent Privacy) mechanism as the encryption and authentication system for the wireless section (or domain).
FIG. 6a is a block diagram showing an encryption (encipherment) system using the WEP mechanism as described in chapter 8.2.3 of IEEE 802.11, and FIG. 6b is a block diagram similarly showing a decryption (decipherment) system.
Referring to FIG. 6a, the encryption system by the WEP mechanism is made up of a seed generating unit 601, encryption unit 602, error detection code generating unit (Integrity Algorithm) 603, error detection code appending unit 604 and ciphered text generating processing unit 605, and outputs an encrypted message 606. The encryption unit 602 is constituted by an RC4 algorithm.
The operation of FIG. 6a is described in the IEEE 802.11 draft and hence is not explained in detail here. The encipherment system of FIG. 6a is fed with an initialization vector (IV), a secret key and communication data (Plaintext) and outputs a ciphered text (Ciphertext).
The decipherment system using the WEP mechanism, shown in FIG. 6b, is made up of seed generating means 611, encryption unit 612, decryption processing unit 613, code separation unit 614, error detection code generating unit 615 and error detection code comparator 616. The encryption unit 612 is comprised of an RC4 algorithm.
The decipherment system of FIG. 6b is fed with the IV and the ciphered text from the received encrypted message (Ciphertext) 606 and performs decipherment processing using a stored encryption key. As a result, the deciphered plain text (Plaintext) and the result of comparing the error detection code, termed the "Integrity Check Value" (ICV), are output.
FIG. 7 shows the frame structure of the encrypted message (Ciphertext) 606 transmitted from FIG. 6a to FIG. 6b. The structure of the encrypted message 606 is termed an Expanded WEP Frame Body. In FIG. 7, the number entered in each component element is its length in octets (units of eight bits), referred to below as bytes. The expanded WEP frame body is made up of a 4-byte IV field 701, a data field (PDU) 702 of not less than 1 byte and a 4-byte ICV field 703. The data field 702 and the ICV field 703 of the expanded WEP frame body are encrypted, whilst the IV field 701 is transmitted without encryption.
The IV field 701 contains the identification information for the encryption key used in encryption. That is, the IV field 701 is made up of a 3-byte initialization vector field 704, as a main body portion, and a 1-byte information field 707, composed of a 6-bit pad field (Pad) 705 and a 2-bit key ID field (Key ID) 706.
Since the key ID is made up of 2-bit information, up to four encryption keys can be discriminated and managed in the encipherment system employing the WEP mechanism of IEEE 802.11.
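The encipherment and decipherment paths of FIGS. 6a and 6b and the frame layout of FIG. 7 can be followed in code. The sketch below is an added example, not part of the original document; it assumes the IEEE 802.11 conventions that the RC4 seed is the IV followed by the secret key, that the ICV is a CRC-32 sent low byte first, and that the key ID sits in the two high-order bits of the information byte. The sample keys and IV are constructed.

```python
import struct
import zlib

# Constructed sample data: four 40-bit keys indexed by key ID, and a 3-byte IV.
SAMPLE_KEYS = {n: bytes([n + 1] * 5) for n in range(4)}
SAMPLE_IV = bytes.fromhex("a1b2c3")


def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the RC4 keystream (encryption units 602 / 612)."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                             # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, key_id: int, keys: dict, plaintext: bytes) -> bytes:
    """Build an expanded WEP frame body: clear IV field, then RC4(PDU + ICV)."""
    if len(iv) != 3 or not 0 <= key_id <= 3 or not plaintext:
        raise ValueError("need a 3-byte IV, a 2-bit key ID and >= 1 byte of data")
    icv = struct.pack("<I", zlib.crc32(plaintext))   # 4-byte ICV field 703
    info = key_id << 6                               # 6-bit pad = 0, 2-bit key ID
    return iv + bytes([info]) + rc4(iv + keys[key_id], plaintext + icv)


def wep_decrypt(frame: bytes, keys: dict):
    """Return (key_id, plaintext, icv_ok) for a received frame body."""
    if len(frame) < 4 + 1 + 4:
        raise ValueError("frame shorter than IV field + 1-byte PDU + ICV")
    iv, info = frame[:3], frame[3]
    key_id = info >> 6                               # selects one of four stored keys
    clear = rc4(iv + keys[key_id], frame[4:])
    plaintext, icv = clear[:-4], clear[-4:]          # code separation unit 614
    return key_id, plaintext, icv == struct.pack("<I", zlib.crc32(plaintext))
```

Because the IV field travels in the clear, the receiver needs only the key ID from the frame and its own stored key table to rebuild the seed.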
Meanwhile, a variety of encryption communication apparatus or encryption communication devices for use in this sort of wireless communication have been proposed.
For example, JP Patent Kokai JP-A-11-196081 discloses a technique for updating an encryption key, applicable to an encryption communication system comprising a transmitting station and a receiving station. According to the technique of JP Patent Kokai JP-A-11-196081, the sequence of operations of data communication by encryption is as follows:
First, a spare key is generated on the transmitting side. The spare key is transmitted in a message encrypted on the transmitting side using the encryption key. The spare key then replaces the encryption key on both the transmitting and receiving sides and is subsequently used for encryption and decryption to execute data communication.
The structure for executing this method has three features, namely (1) provision of storage means for the spare key, (2) provision of storage means for the encryption key and (3) generation of the spare key by a transmitting station.